[I] 2FA is enabled even if User fails to verify with TOTP code [cloudstack]

Wed, 22 Jan 2025 09:18:10 -0800 


scottsignal opened a new issue, #9308:
URL: https://github.com/apache/cloudstack/issues/9308

   <!--
   Verify first that your issue/request is not already reported on GitHub.
   Also test if the latest release and main branch are affected too.
   Always add information AFTER of these HTML comments, but no need to delete 
the comments.
   -->
   
   ##### ISSUE TYPE
   <!-- Pick one below and delete the rest -->
    * Bug Report
   
   ##### COMPONENT NAME
   <!--
   
   -->
   ~~~
   setup2FA
   ~~~
   
   ##### CLOUDSTACK VERSION
   <!--
   
   -->
   
   ~~~
   4.19.0.1
   ~~~
   
   ##### CONFIGURATION
   <!--
   Information about the configuration if relevant, e.g. basic network, 
advanced networking, etc.  N/A otherwise
   -->
   N/A
   
   ##### OS / ENVIRONMENT
   <!--
   Information about the environment if relevant, N/A otherwise
   -->
   Ubuntu 22.04
   Single-node Management Server
   MySQL 5.7
   
   ##### SUMMARY
   <!-- Explain the problem/feature briefly -->
   2FA is enabled on a user even if user fails to verify TOTP auth code to 
enable
   
   ##### STEPS TO REPRODUCE
   <!--
   For bugs, show exactly how to reproduce the problem, using a minimal 
test-case. Use Screenshots if accurate.
   
   For new features, show how the feature would be used.
   -->
   Create a user that is set to enable in 2FA upon login
   Choose either Google Authenticator or Other TOTP and click Setup
   Enter the wrong Token on accident and you are kicked back to login. 
   Try logging in again and you are presented with a 2FA screen, however, you 
were never successfully enrolled so TOTP codes do not work.
   
   <!-- Paste example playbooks or commands between quotes below -->
   ~~~
   
   ~~~
   
   <!-- You can also paste gist.github.com links for larger files -->
   
   ##### EXPECTED RESULTS
   <!-- What did you expect to happen when running the steps above? -->
   
   ~~~
   Account isn't enrolled in 2FA until they verify with a code from their TOTP 
application
   ~~~
   
   ##### ACTUAL RESULTS
   <!-- What actually happened? -->
   
   <!-- Paste verbatim command output between quotes below -->
   ~~~
   Account is enrolled in 2FA without a valid TOTP
   ~~~
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to